CVE-2025-52452

8.5 HIGH

📋 TL;DR

This path traversal vulnerability in Salesforce Tableau Server lets an authenticated attacker reach files outside the intended directory through the tabdoc API's duplicate-data-source modules. It affects Tableau Server on Windows and Linux before 2025.1.3, 2024.2.12 and 2023.3.19 (one fixed release per maintenance track). The practical outcome is reading sensitive server files, including configuration and credential material.

💻 Affected Systems

Products:
  • Salesforce Tableau Server
Versions: Before 2025.1.3, before 2024.2.12, before 2023.3.19
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects tabdoc API duplicate-data-source modules specifically

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the server or of the data sources it connects to, reached by first reading configuration files and stored credentials through the traversal and then reusing them

🟠

Likely Case

Unauthorized reading of sensitive files on the Tableau Server host: credentials, configuration data, or other business information stored on disk

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized API access

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity once the vulnerable endpoint is identified

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.1.3, 2024.2.12, or 2023.3.19 depending on your version track

Vendor Advisory: https://help.salesforce.com/s/articleView?id=005105043&type=1

Restart Required: Yes

Instructions:

1. Identify the current Tableau Server version and its maintenance track.
2. Download the fixed release for that track (2025.1.3, 2024.2.12 or 2023.3.19) from the Salesforce portal.
3. Apply the upgrade following the vendor instructions.
4. Restart Tableau Server services.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all platforms

Restrict access to Tableau Server API endpoints to trusted networks only; because exploitation requires an authenticated session, also review who holds accounts that can reach the tabdoc API

Web Application Firewall Rules

Applies to: all platforms

Implement WAF rules that block path traversal patterns in API requests, matching on the URL-decoded path so that percent-encoded (../ as %2e%2e%2f, including double encoding) and backslash variants are caught as well

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Tableau Server from sensitive systems
  • Deploy web application firewall with path traversal detection rules

🔍 How to Verify

Check if Vulnerable:

Check Tableau Server version against affected versions list

Check Version:

On Tableau Server: run tsm version from a TSM-enabled command prompt (Windows) or shell (Linux) on a cluster node, or read the version from the administration settings in the web UI

Verify Fix Applied:

Verify the installed version is at or above the fixed release for its maintenance track: 2025.1.3, 2024.2.12 or 2023.3.19. A version on a track with no listed fix (for example any 2022.x or 2024.1.x release) is still "before 2025.1.3" and should be moved to a fixed track.
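The fix check above is track-aware: 2024.2.11 is vulnerable even though it is numerically "newer" than 2023.3.19, while 2023.3.19 is fixed. The following Python example, added here and not part of the original page or of Tableau's own tooling, encodes that rule for a version string such as the one printed by tsm version. Its handling of tracks that the advisory does not list (treat as vulnerable when older than the newest fix) is an assumption made for a conservative default, not something the advisory states.

```python
import re

# Fixed releases per maintenance track, as listed on this page's advisory summary.
FIXED = {
    (2025, 1): (2025, 1, 3),
    (2024, 2): (2024, 2, 12),
    (2023, 3): (2023, 3, 19),
}


def parse_version(text: str):
    """Extract the first YYYY.minor.maintenance triple from text such as 'tsm version' output."""
    m = re.search(r"\b(\d{4})\.(\d+)\.(\d+)\b", text)
    if m is None:
        raise ValueError(f"no Tableau Server version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def fmt(v) -> str:
    return ".".join(str(x) for x in v)


def is_vulnerable(text: str):
    """Return (vulnerable, reason) for a version string, comparing within its track."""
    version = parse_version(text)
    fix = FIXED.get(version[:2])
    if fix is not None:
        if version < fix:
            return True, f"{fmt(version)} is below the track fix {fmt(fix)}"
        return False, f"{fmt(version)} is at or above the track fix {fmt(fix)}"
    # Assumption (not from the advisory): a track with no listed fix is treated as
    # vulnerable when it predates the newest fixed release, and as unaffected only
    # when it is newer than every listed fix. Verify such cases against the vendor advisory.
    newest = max(FIXED.values())
    if version < newest:
        return True, f"{fmt(version)} is on a track with no listed fix; upgrade to a fixed track"
    return False, f"{fmt(version)} is newer than every listed fix (confirm with the vendor advisory)"


if __name__ == "__main__":
    # Constructed inputs, not real tsm output.
    for sample in ("2024.2.11", "2024.2.12", "2023.3.19", "2022.4.10", "2025.2.0"):
        vulnerable, reason = is_vulnerable(sample)
        print(f"{sample:10} {'VULNERABLE' if vulnerable else 'fixed     '} {reason}")
```

Feed the function the raw output of tsm version; it picks the first version-shaped token, so no pre-parsing is needed.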

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests to tabdoc endpoints carrying path traversal sequences (../ or ..\, literal or percent-encoded such as %2e%2e%2f, including double-encoded forms)
  • Failed file access attempts outside expected directories

Network Indicators:

  • HTTP requests containing path traversal sequences (literal or percent-encoded) to Tableau Server API endpoints, particularly tabdoc

SIEM Query:

source="tableau" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e/*" OR uri="*..%2f*" OR (method="POST" AND uri="*/api/*tabdoc*"))

The parentheses make the grouping explicit: the last clause baselines POST traffic to tabdoc endpoints, which is noisy on its own and is meant to be reviewed alongside the traversal matches.
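A string match on the raw URI misses the percent-encoded and backslash variants that a WAF-evading attacker would use. The following Python example, added here and not part of the original page or of any Tableau tooling, normalises each request URI (repeated percent-decoding to defeat double encoding, backslashes folded to slashes) before matching a ".." path component, and tags hits by whether they target a tabdoc endpoint. The access-log lines and the /api/tabdoc/duplicate-data-source path are constructed for illustration and are not real Tableau Server logs or a confirmed endpoint.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines ("METHOD URI STATUS"); the endpoint path is hypothetical.
SAMPLE_LOGS = [
    "POST /api/tabdoc/duplicate-data-source?name=sales.tds 200",
    "POST /api/tabdoc/duplicate-data-source?name=../../../etc/passwd 200",
    "POST /api/tabdoc/duplicate-data-source?name=..%2f..%2fconfig%2fapp.yml 200",
    "POST /api/tabdoc/duplicate-data-source?name=%252e%252e%252fworkgroup.yml 200",
    "POST /api/tabdoc/duplicate-data-source?name=..\\..\\windows\\win.ini 200",
    "GET /vizportal/api/web/v1/getSessionInfo 200",
    "GET /static/../../etc/passwd 404",
]

# A ".." path component: preceded by start of string, '/', '=', '&' or '?'
# and followed by '/', '&' or end of string. "sales..tds" does not match.
TRAVERSAL = re.compile(r"(?<![^/=&?])\.\.(?=[/&]|$)")


def normalize(uri: str, rounds: int = 3) -> str:
    """Percent-decode up to `rounds` times (defeats double encoding), then fold '\\' to '/'."""
    prev, cur = None, uri
    for _ in range(rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def is_traversal(uri: str) -> bool:
    """True if the decoded URI contains a '..' path component."""
    return TRAVERSAL.search(normalize(uri)) is not None


def targets_tabdoc(uri: str) -> bool:
    return "tabdoc" in normalize(uri).lower()


def scan(lines):
    """Return (method, uri, scope) for every request carrying a traversal sequence."""
    hits = []
    for line in lines:
        method, uri, _status = line.split()
        if is_traversal(uri):
            hits.append((method, uri, "tabdoc" if targets_tabdoc(uri) else "other"))
    return hits


if __name__ == "__main__":
    for method, uri, scope in scan(SAMPLE_LOGS):
        print(f"[{scope:6}] {method} {uri}")
```

Run it against real access logs by replacing SAMPLE_LOGS with lines split from the log file; the "tabdoc" hits are the ones relevant to this CVE, while "other" hits are generic traversal attempts worth a separate look.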
